Zebra.py (CVE-2013-7091)

(05-10-2014, 11:33 AM)BreShiE Wrote:

[To see links please register here]

Fair warning to SL members, don't ever run random scripts without reading the source code first.

Reading the source code and understanding what it does*

(05-10-2014, 11:38 AM)BreShiE Wrote:

[To see links please register here]

Yeah no shit... Otherwise it'd be like reading a book of scribbles?

I never underestimate the stupidity of people online.

Fair warning to SL members, don't ever run random scripts without reading the source code first.

(05-10-2014, 08:20 AM)Six Wrote:

[To see links please register here]

I dont understand the animal reference to be quite honest, anyone care to explain?

Every PoC I make gets named after some animal, usually one that sounds like the vendor/product. Why? Fun.

(05-10-2014, 11:33 AM)BreShiE Wrote:

[To see links please register here]

Fair warning to SL members, don't ever run random scripts without reading the source code first.

Well Breshie, how does this one check out?

(05-10-2014, 09:17 AM)chF Wrote:

[To see links please register here]

Nice move, Matthew. I guess you're losing your job.. what a shame. It lasted a few months, too!

For what exactly? Disclosing a PoC for a public vulnerability that was patched over a year ago? I see you're as desperate and illogical as ever.

>matthew
>omg he said my name run

(05-10-2014, 02:15 PM)Dyme Wrote:

[To see links please register here]

Well Breshie, how does this one check out?

To me it seems fine, but it doesn't mean others still shouldn't check it out for themselves.

(05-10-2014, 02:23 PM)BreShiE Wrote:

[To see links please register here]

To me it seems fine, but it doesn't mean others still shouldn't check it out for themselves. :wink:

That's ok, it's only your stamp of approval that I really wanted

It seems the only possible place he could have backdoored this would be in the .jsp shell that gets uploaded. If you don't trust it, just use your own .jsp shell.
Also, what window theme is that?

(05-10-2014, 04:52 PM)Adorapuff Wrote:

[To see links please register here]

It seems the only possible place he could have backdoored this would be in the .jsp shell that gets uploaded. If you don't trust it, just use your own .jsp shell.
Also, what window theme is that?

It's not a theme, it's hardcore ricing.

This one is very similiar to HoodedRobin's Zimbra exploiter (It's made in ruby).

(05-11-2014, 02:41 PM)Z0le Wrote:

[To see links please register here]

This one is very similiar to HoodedRobin's Zimbra exploiter (It's made in ruby).

Ruby < Python < Perl